In most current or past information security governance programs for enterprises, the approaches used are poor. These approaches neither provide nor deal with a systemic view of an enterprise's information security governance and the emergent issues for its sustenance. In this paper, the author proposes two system models of enterprise information security governance based on systems thinking concepts. The first model, InfoSGov, is used for assessing the current state of an enterprise's information security governance, and the second model, GovInfoS, is used for proposing the future state and its sustenance. The application of these models in a large telecom enterprise, using the qualitative tools developed, is provided. It has demonstrated the practical use of the models and tools for assessment and sustenance of the enterprise with respect to information security governance.
Published in:
India Conference (INDICON), 2011 Annual IEEE
Date of Conference: 16-18 Dec. 2011